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DETAILED ACTION 
Continued Examination Under 37 CFR LI 14 

1 . A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.1 14. Applicants submission filed on 10/25/05 has been entered. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

3. Claims 1-31 are rejected under 35 U.S.C. 102(e) as being anticipated by Desai et al. (U.S. 
6,820,204). 

Desai et al. teach claims : 

1 . In an electronic device, a method, comprising the steps of: 
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providing a user profile holding information regarding a user (10), the user profile stored 
on the electronic device (abstract); 

establishing a first set of permissions for the user profile, the first set of permissions 
specifying who may access the user profile, the first set of permissions provided by the user; 
(col.4, lines 44-61 ; . . the registered user may access profile data located on any information 
exchange system or affiliated entity that is connected to the network, provided access has been 
granted to the registered user. The registered user logs onto either an affiliated entity or an 
information exchange system, preferably through a World Wide Web address. When the 
registered user requests profile data, the profile data is automatically retrieved from the various 
locations and made available to the registered user. In a preferred embodiment, the affiliate 
includes a software firewall that can prevent external access to a subset of the profile data stored 
on its affiliate storage system. Through the software firewall, the affiliate, on a field-by-field and 
person-by-person basis, may prevent a certain subset of information from being accessed through 
the network, while allowing the remainder of the information to be freely accessed through the 
network if its associated registered user has granted access thereto.") 

establishing a second set of permissions for a selected sub-division of the user profile, the 
second set of permissions specifying who may access the sub-division, the stored set of 
permissions provided by the user; (col.4, lines 44-61; "...the affiliate includes a software firewall 
that can prevent external access to a subset of the profile data stored on its affiliate storage 
system...") 

receiving a request from a non-user party to reference the selected sub-division, the non- 
user party being an entity other than the user about which the user-profile holds information, the 
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requesting party being specified by the first set of permissions as having access to the user 
profile and being specified by the second set of permissions as having access to the selected sub- 
division; and (col. 5, lines 40-56; " To grant access to stored data, the registered user first selects 
a data element from the user's stored profile information. The registered user then selects one or 
more third party users to which access to the selected data element is to be granted. The 
information exchange system then retrieves the third party's public key from its user profile. The 
registered user's copy of the encrypted secret key for the selected data element is located, and it 
is decrypted using the registered user's private key. The secret key is then encrypted using the 
third party's public key, and stored in the key chain database, along with the third party's user ID 
and the universal ID for the data element. The registered user may create a view of one or more 
data elements, and access to one or more views may be granted to one or more groups of users 
created by the registered user.") 

responding to the request by transmitting the requested information to the requesting 
party, (col.5, lines 40-56, "grant access") 

2. wherein the sub-division is a field, (col.5, lines 13-col.6, line 16) 

3. wherein the first set of permissions specifies what type of access to the user profile is granted 
to those who may access the user profile, (col.5, lines 40-56, "grant access") 

4. wherein at least one party is granted read access to the user profile, indicating that the party 
may read information in the user profile, (col.5, lines 40-56, "grant access") 
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5. wherein at least one party is granted write access to the user profile, indicating that the party 
may write information into the user profile, (col.4, lines 44-61) 

6. wherein at least one party is granted availability access to the user profile, indicating that the 
party may find out whether the user profile is available. . (col.5, lines 40-56) 

7. wherein at least one party is granted delete access to the user profile, indicating that the user 
may delete information in the user profile, (col.5, lines 40-56) 

8. wherein the second set of permissions specifies who may access the user profile, (col.5, lines 
40-56) 

9. wherein one of the first set of permissions and the second set of permissions contains a list of 
parties that may access the user profile and the sub-division, respectively, (col.5, lines 40-56) 

10. wherein defined groups of parties are provided and wherein at least one of the first set of 
permissions and the second set of permissions specifies one of the groups as having access. (20, 
12, 17a) 

1 1 . wherein the user specifies at least one of the first set of permissions and the second set of 
permissions, (col. 9, lines 1-18) 
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12. wherein at least one of the first set of permissions and the second set of permissions is 
established by default, (col.9, lines 1-51) 

13. The method of claim 1, further comprising the step of establishing a third set of permissions 
for an additional one of the sub-divisions in the user profile, wherein said third set of permissions 
specifies who may access the additional sub-division, (col.9, lines 1-51) 

14. wherein the sub-division of the user profile are organized hierarchically and wherein the sub- 
division contains the additional subdivision, (col.9, line 1 -col. 10, line 33) 

15. wherein defined groups are provided and wherein at least one of the first set of permissions 
and the second set of permissions specifies who may have access as an access set, said access set 
resulting from a set algebraic operation performed on at least two of the groups, (col.9, line 1- 
col.10, line 33) 

16. A method, comprising the steps of: providing user profiles that hold information regarding 
users and are accessible via a network, the user profiles stored on at least one electronic device; 
specifying groups of service providers for providing services to the users, each group containing 
a set of service providers; granting access permission for authorized information in a selected 
user profile to a selected one of the groups so that the service providers in the selected group may 
access the authorized information; and transmitting the authorized information to a non-user 



t 
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party in said selected one of the group in response to a request from the non-user party being an 
entity other than the user about which the user profile holds information, (claims 16 is similarly 
rejected as in claim 1) 

Claims 17-20 are similarly rejected as in claims 1-15. 

21. The method of claim 20, wherein the user profile contains a name field holding a name of the 
user and wherein the selected field is the name field. (12;1 10) 

22. The method of claim 20, wherein the user profile contains an address field holding an address 
field holding an address of the user and wherein the selected field is the address field. (18) 

23. The method of claim 20, wherein the permissions are set to block access to multiple ones of 
the fields by the given service provider. (20) 

24. The method of claim 20, wherein the user profile contains a payment field holding 
information regarding a payment mechanism and wherein the given field is the payment field. 
(22a) 



25. The method of claim 20, wherein the user profile contains a credit card field holding credit 
card number and wherein the select field is a credit card field. (22a; fig. 5, payment between 104 
- registered user and 108 - merchant) 



* 
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Claims 26-31 are similarly rejected as in claims 1-15 and 21-25. 

Response to Arguments 

4. Applicant's arguments with respect to claims 1-31 have been considered but are moot in 
view of the new ground(s) of rejection. 

5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jeffrey C. Pwu whose telephone number is 571-272-6798. If 
attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, David 
Wiley can be reached on 571-272-3923. The fax phone number for the organization where this 
application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




1/21/06 



JEFFREY PWU 

PRfMARY EXAMINE 



